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TEXT: 

One of the biggest problems users face in the information age is the 
bulging wallet. But this could all change with the wide acceptance of 
smartcards, writes Bob Walder 

Wouldn ! t it be nice if users only had to carry one card? This would 
allow them to make purchases, borrow a library book and make a phone call. 
It could even be used to gain access to a place of work, and allow the 
holder to participate in a few well-chosen store loyalty schemes. Plus it 
would contain driving licence, passport, National Insurance, personal and 
medical records . 

This is all possible thanks to smartcards . Similar in appearance to a 
standard credit card, the smartcard sports a 10mm square gold-coloured 
computer chip. 

Most people are already familiar with the smaller format smartcards 
used in cellular phones, known as Subscriber Information Module (SIM) 
cards. The most common implementation of the full-size card in the UK is 
that used as a "viewing card" for satellite TV services. 

Smartcards are already considered "everyday" items in many European 
countries. More than 100 million pay phone cards and 22 million bank cards 
are in use in France; 80 million health insurance cards have been issued in 
Germany; 50 countries have implemented pay phone technology; and over 20 
countries are using some form of electronic wallet. 

Depending on the designated function of the smartcard, the on-board 
chip can consist of anything from simple Eprom memory (ie in the case of a 
phone card) to a full-blown tamper-proof "computer-on-a-chip", including an 
8-bit microprocessor, Ram, Rom and Eprom. 

The on-board CPU can process, share and store information, allowing 
the card to be used in a variety of applications. As well as being able to 
store much more information than the standard magnetic strip card, the key 
advantage to smartcard technology is the ability to process information in 
line with preprogrammed guidelines. This "programmability" provides the 
flexibility required to allow the card to assume multiple "personalities" - 
as a library ticket one minute, and an electronic purse the next. 

In the future, it should even be possible for multiple applications 
stored on the same card to interact with each other. Smartcards also 
provide us with so much more in the way of security than has been hitherto 
available with software-only solutions. They provide an additional 
"physical" level of security over and above that offered by the usual 
password protection mechanisms. 

For instance, if a password is compromised, it is a simple matter for 
an unauthorised user to gain access to a protected system. When access to 
that system, also requires the physical presence of a smartcard in a card 
reader (coupled with the entry of a personal identity number to provide 
access to that card), life is made that much more difficult for the 
would-be hacker. 

Another benefit of smartcards is their ability to store a user's 
personal encryption keys and digital certificates. The fact that almost any 
number could be stored securely within a card means that a separate key can 
be issued per application per user. It also means we can use keys of the 



maximum length allowed by law in any given country, without having to rely 
on manual entry by the user. 

Once the keys and certificates are safely stored within the card 
memory, they become completely portable, whereas at the moment, a user's 
digital certificate is often locked to a particular application on a single 
machine - say a Web browser on a PC at the office. It is even possible for 
the encryption process to be performed by the card, which is often far more 
secure than a PC. 

The portability and security factors combine to make smartcard 
technology suitable for a wide range of applications for the general 
public, including customer loyalty schemes, electronic banking, travel and 
transport, online services, electronic cash and payment mechanisms. 

In the enterprise, there are obvious applications such as physical 
access control to buildings and secure areas, and logical access control to 
networks and other resources. 

Many people will already be familiar with the SecurlD card from 
Security Dynamics, a hardware-based access token. Security Dynamics has 
recently introduced the SecurlD 1100 Smart Card, the first smartcard to 
work with its Ace/Server strong authentication enterprise security 
solutions . 

The new smartcard combines security with convenience, enabling 
organisations to use a single card to protect network and application 
resources from unauthorised access as well as for corporate identity, 
physical security, loyalty, electronic purse and other applications. 

Based on the Gemplus MPCOS multi-application microprocessor card, the 
SecurlD 1100 Smart Card provides the Ace/Server authentication as well as 
offering more than 7Kbyte of free Eprom memory space for additional 
applications . 

This moves us a small step closer to having a single card for 
everything, though there is still an awful long way to go before we can 
throw away our bank cards, driving licence and passport and replace them 
all with a single piece of plastic - however smart it may be. 

What the smartcard jargon means 

* Smartcard - also called an integrated circuit or IC card, with a 
plastic body with a chip embedded in a special cavity. 

* Contact smartcard - operates by making physical contact between the 
card reader and the smartcard 1 s contacts 

* Contactless smartcard - communicates via an antenna using a radio 
frequency signal. No physical contact is required between the card and a 
card reader 

* Electronic purse - any small portable device which stores data with 
a monetary value. The smartcard is the ideal device to implement an 
electronic purse. It is sometimes called the electronic wallet or the 
stored value card. 

* Security access module - is the dedicated microprocessor unit that 
allows the card reader to authenticate the user's identity. 

* Subscriber information module (Sim) - a specific type of smartcard 
for GSM systems holding the subscriber's ID number, thus allowing him to 
call from any GSM device. 

Summary 

Smartcards can contain both memory software and a processor, allowing 
them to act as pure repositories or to run on-board applications. 

There are two main types of cards - contact and contactless. The 
first requires physically inserting in or swiping by a card reader. The 
second merely needs to pass within the vicinity of a reading device. 

New cards are appearing that will allow several applications to be 
stored and run on a single card. This allows the card to act as a passport 
one minute, and an electronic wallet the next. 

New smartcard applications will enable a wide range of facilities on 
the next generation of "smart phones 11 , allowing you to browse the Web and 



order goods using just your cell phone. 
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